[Snort-users] Snort 2.9 for IPv6
oagvozd at gmail.com
Wed Feb 21 09:27:36 EST 2018
Daq can not sniff both on V4 and v6. So 2 instanses of snort is the only
2018-02-21 17:17 GMT+03:00 oleg gv <oagvozd at gmail.com>:
> I can not see alert on the next rules
> alert ip any any --> IPV6_ADDRESS any (...)
> alert icmp any any --> IPV6_ADDRESS any (...)
> I use ping6 to test it.
> Ipv4 test works fine.
> Snort is build with --enable-ipv6 and uses ip6tables NFQUEUE.
> Other ipv6 tcp/udp alerts also works fine.
> Is it possible to detect IPv6 addresses in ip/icmp protocol rules ?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users